Splunk Enterprise Certified Architect — Question 83

Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?

Answer options

• A. Replace the indexer storage to solid state drives (SSD).
• B. Add more search heads and redistribute users based on the search type.
• C. Look for slow searches and reschedule them to run during an off-peak time.
• D. Add more search peers and make sure forwarders distribute data evenly across all indexers.

Correct answer: D

Explanation

Adding more search peers and ensuring that forwarders evenly distribute data across all indexers enhances the overall search performance by balancing the load. Options A, B, and C may provide some improvements, but they do not address the fundamental issue of data distribution and load balancing as effectively as option D does.